Setup and Secure WordPress - Common WordPress Security Mistakes (Part 1). Many people put in a lot of time, work and frequently money into their web site to ensure it easy to use, and operate smoothly. So in this post we try to really help one Stay clear of some of the most common security problems. We will advise you regarding to some of most frequent security mistakes individuals make. Here are some WordPress security Problems to Avoid, enabling you to Setup and Secure WordPress better. 1: Hosting, WordPress security starts with the hosting environment. In fact according to Jane Williams, the author of WPMasterControl ( A Windows software app that does it all -Install WordPress, Setup WordPress, Secure WordPress, Update WordPress, Setup Backups. WPMasterControl will even install themes and plugins, whats great about it is you can use it on more than one online site after adding the web-sites to it and that alone makes it a total time saver, great for newbies or advanced users.) who's company has over 10 years experience providing clients with hosting and security consulting, over 40 percent of website hacks happen due to insecure servers. You wouldn't believe how many clients they have had to rescue from big name hosting providers providing totally insecure shared hosting, vps's and dedicated servers. The most awful thing is the clients believe that they reside in safehands, and yet the minute it all goes bad these guys are no where to be seen. You can see the need for quality hosting to make sure your internet site is secure. Hosting is one of those areas where you get what you pay for most of the time. As Jane said and i just can't stress enough, with low quality hosting providers you often have security which takes alot to be desired to start with and afterwards no support the minute stuff goes wrong. For that reason i can not point out enough you ought to regard your hosting as a company investment. Specifically because for a hack to be a success your site may not of been the target yet caught up in automated scripts trying to find exploits as when you are on a shared hosting environment alot of the time once one of the web-sites is compromised the others might just be taken down as collateral damage. 2: Failing to Keep Up to Date If you have been working with WordPress for a while, you will be aware that the platform is regularly updated. Later versions of WordPress will auto update minor updates. Be aware though that major updates can cause conflicts with plugins and themes. Vulnerable plugins and themes account for the majority of all hacked WordPress websites. Here again is where WPMasterControl comes in, not only will it auto update all your plugins and themes it has already made a backup you can restore if such a point was to happen. Totally takes the headache out of WordPress niggles in many ways. 3: Using weak Login Information. Weak passwords and admins using the name Admin unfortunately are not uncommon. Login security is another common WordPress security problem. Most hacking attempts are automated. Nobody actually accesses your online site and painstakingly tries out usernames and password combinations manually. Instead, they use automated scripts that systematically try to "brute force" the details using common dictionary attacks, much faster than the amount of time than any human ever could. You should do points like Limit the number of users with admin rights. Not every person on your web-site ought to have to be in a position to perform whatever they want. In the event that your internet site currently has an admin user, change it immediately. Always use strong passwords. I use a great program called Roboform, it is on all my devices and stores all my passwords safely so i have them where ever i am. Limit login attempts to stop brute force attacks (If you are using WPMasterControl by now, it does that for you too), it's a good idea to limit how often someone can try to log in to your website before being banned. Many security plugins offer this feature but you can also use WPMasterControl to take care of it all and on autopilot too.-- For extra security your could in addition look at moving your login webpage to an unusual location. There are actually plugins for this in the WordPress repository, additionally one more smart idea is simply to password protect the web directory/ folder wpadmin (you can do this in cPanel or your hosting provider panel usually quite easily). I hope you have enjoyed part one. To Be Continued in ... "Setup and Secure WordPress - Common WordPress Security Mistakes (Part 2)". Edit: Lots of many people have asked me about WPMasterControl. Thanks for reading. |